Routing

 View Only
last person joined: yesterday 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
Expand all | Collapse all

Advice on configuring Juniper SRX300 IPSec backup tunnel to Mikrotik with two ISP

  • 1.  Advice on configuring Juniper SRX300 IPSec backup tunnel to Mikrotik with two ISP

    Posted 08-01-2024 20:10

    Hey guys! I'm kinda new to Juniper and i have setup as following:
    Juniper SRX300 has gre tunnel gr-0/0/0.0 with IPsec vpn local 10.77.255.1/32; remote 10.59.255.1/32; bind-interface st0.5;
    In IKE i have gateway to mikrotik_ISP1 (lets say 1.1.1.1)
    I have static routing option named as 10.59.255.1/32 and set to use next-hop st0.5;

    I'm trying to find out how to configure the second gre over ipsec with same local and remote ip. With only diference in gateway, it would be mikrotik_ISP2 (lets say 2.2.2.2).
    I cannot set second route named the same with difference only in next-hop

    Couldn't find any info fitting my problem. Any advices please?



    ------------------------------
    Yura Fedoruk
    ------------------------------


  • 2.  RE: Advice on configuring Juniper SRX300 IPSec backup tunnel to Mikrotik with two ISP

    Posted 09-05-2024 09:55

    Hi,

    This is a bit odd setup.

    First of all, why would you use GRE, if only st0.x interface should be sufficient? GRE will add additional overhead.

    Also, if you need to configure 2 IPSec tunnels, one via each ISP, then it would be much reasonable to use interface IP towards each ISP as local-address under IKE gateway



    ------------------------------
    FARID AKHUNDOV
    ------------------------------